The critical infrastructure of the United States includes all those systems and assets that are essential to the proper functioning, economy, health, and safety of American society.
Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication it’s possible that you’ve overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers.
Attacks against operational technology (OT) and industrial control systems (ICS) grew dramatically in the past few years. Indeed, a 2020 report found that digital attacks against those two kinds of assets increased by over 2000% between 2018 and 2020. Many of those attacks involved vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems and other ICS hardware components or password spraying techniques.
Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats. These methods fulfill the need for better, smarter ways to augment enterprise-level security and minimize mobile security risks.
If File Integrity Monitoring (FIM) were easy, everyone would be doing it. Actually, it is pretty easy. It’s not exactly rocket science. Practically anyone with a modicum of Python, Perl or development skills can write an app or a script to gather the checksum of a file, compare it to a list or baseline, and tell you whether or not said file has changed.
Cloud misconfigurations represent something that’s plaguing many organizations’ cloud adoption efforts. For example, a 2020 report found that 91% of cloud deployments contained at least one misconfiguration that left organizations exposed to potential digital threats. Those weaknesses contributed to more than 200 data breaches between 2018 and 2020, noted SC Magazine, with those security incidents exposing more than 30 billion records.
Cloud computing is an integral part of most businesses globally. Technology has transformed the way businesses operate and thrive in the industry. However, the cloud industry has been facing huge challenges when it comes to complying with various data protection and data privacy standards. With the enforcement of the General Data Protection Regulation (GDPR), a lot has changed for most businesses.
With all the headlines about ransomware attacks hitting companies hard, you might think there’s only bad news around the subject. Well, think again.
MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques and Common Knowledge. It’s a curated knowledge base of adversarial behavior based on real-world observation of APT campaigns.
On May 8th, I was at a gas station filling up my car before a trip I was taking when the news about a cyberattack against a large pipeline company broke. The attack led them to halt all operations. Ultimately, the incident stemmed from a ransomware infection in which a well-known threat actor took volumes of corporate data in just two hours and made their demands including the threat to block and encrypt the company’s network. They even threatened to release the data to the internet.
Amazon’s, Google’s and Microsoft’s experiences with building massive infrastructures for the world allows for some fascinating insights into the future of IT security at scale. As a result, when Google published The CISO’s Guide to Cloud Security Transformation earlier this year, I was curious about what priorities they saw in cloud security. It’s a short read, and it’s well worth the time invested in downloading a copy.
Responding to the all too familiar news of compromised Amazon cloud storage, security researchers have begun leaving “friendly warnings” on AWS S3 accounts with exposed data or incorrect permissions. The misconfiguration of access control on AWS storage “buckets” has been behind numerous high profile data breaches, including Verizon, The Pentagon, Uber and FedEx.
There is a saying in cybersecurity that “Data is the new oil.” If that is true, then that oil is powering not only the economy but also industry. The term ‘Industry 4.0’ refers to the fourth industrial revolution where traditional manufacturing and industrial processes are increasingly using IT and data to the point that we’re now seeing the emergence of ‘smart factories.’
Organizations are increasingly faced with threats from sophisticated criminal organizations and nation-state actors. To mitigate the risks posed by cyber criminals, organizations must secure and protect their proprietary and sensitive information. They must also commit to training their employees to do their part to protect proprietary and sensitive information.
Given that attacks are only increasing and there needs to be greater efficacy in how companies protect themselves, let us reference how the financial industry has created and relies on a body of standards to address issues in financial accounting as a defined comparison for Information Security. To support this argument, there is a defined contrast between information security and Generally Accepted Accounting Principles. We’ll explore this relationship in more detail below.
The Biden Administration published a new executive order (EO) to strengthen the digital security of U.S. federal government networks. Published on May 12 by The White House, the executive order covered much of what many media outlets reported would appear in the draft. This included the issue of supply chain security. For example, the EO stated that the U.S. federal government will begin requiring developers to make security data about their tools publicly available. It also said that the U.S.
Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year. The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year – with 5,149 classified as phishing attacks.
In 2019, the hospitality industry suffered 13 percent of all data breaches, ranking third highest among targeted industries. It was two years later when NIST released SP 1800-27: Securing Property Management Systems to help hoteliers secure their Property Management Systems (PMS) and associated patron data.
The cyber security skills gap was a problem prior to the pandemic. In a survey of 342 security professionals released in early 2020, Tripwire found that 83% of security experts felt more overworked going into the new year compared to how they felt at the start of 2019. Tripwire asked respondents to elaborate on that sentiment.
Over the weekend, the Alpharetta-based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to prevent further exposure. Colonial Pipeline is responsible for 45% of the gasoline, diesel fuel and natural gas transported from Texas to New Jersey.
Amidst the pandemic overwhelming the capacity of many hospital systems, malicious hackers have been quick to target healthcare providers and medical agencies. These cyber-attacks have hit both the United States and Europe in recent months, serving as a reminder for organizations to closely review their information security posture during these times of uncertainty.
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name.
The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack.
It’s often said that cybersecurity is hard. Anyone who has ever worked their way through the SANS Critical Controls, PCI-DSS or even something deceptively minimalist as the OWASP Top 10 knows that success in achieving these security initiatives requires time-consuming, diligent and often a multi-team effort.
The Biden administration said it’s drafting an executive order to help the United States government better defend itself against digital supply chain attacks.
Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data. Most companies already have a basic data privacy policy they constructed alongside lawyers and tech experts to avoid facing serious fines and penalties. However, compliance isn’t just about focusing on current regulations and meeting the bare minimum requirement to avoid legal consequences.
Most large-scale entities need to prove compliance with multiple regulatory standards. In their efforts to meet their compliance mandates, organizations could suffer a major drain on their time and resources. This possibility holds true regardless of whether they’re finance companies, retailers, manufacturers or hospitality firms. Organizations face an additional obstacle when they have an internally created compliance standard that demands enforcement.
